[Bug 1242009] [NEW] upgrader prompts the user to activate new certificates, given no context

Sat Oct 19 11:16:37 UTC 2013

Public bug reported:

While upgrading from Ubuntu 13.04 to 13.10 the user is prompted to
activate new cacert.org certificates (specifically
"cacert.org/cacert.org_class3.crt and cacert.org/cacert.org_root.crt).
The user is not given any context describing why the certificate update
was requested or is necessary nor does it allow the user to inspect the
certificates. The user is merely prompted to confirm certificates the
user "trusts".

I am not sure which version of Ubuntu this bug should be filed against.
It's either 13.04 or 13.10. I could not find version information about
the upgrader using apt-cache policy but I did check dpkg -l and found
"ubuntu-release-upgrader-core" version 1:0.205.

I expected to be able to learn the location of the certificates on the
filesystem so I could verify their authenticity. Instead I just had to
either accept or reject the certificates blindly.. I suspect the tool
would normally be started by the user, manually, meaning the user would
already know where the certificate is.

ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: ubuntu-release-upgrader-core 1:0.192.13
ProcVersionSignature: Ubuntu 3.8.0-31.46-generic 3.8.13.8
Uname: Linux 3.8.0-31-generic x86_64
ApportVersion: 2.9.2-0ubuntu8.3
Architecture: amd64
CrashDB: ubuntu
Date: Sat Oct 19 05:54:54 2013
MarkForUpload: True
PackageArchitecture: all
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: ubuntu-release-upgrader
Symptom: ubuntu-release-upgrader
UpgradeStatus: Upgraded to raring on 2013-10-19 (0 days ago)
VarLogDistupgradeTermlog:

** Affects: ubuntu-release-upgrader (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug dist-upgrade raring

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-release-upgrader in
Ubuntu.
https://bugs.launchpad.net/bugs/1242009

Title:
  upgrader prompts the user to activate new certificates, given no
  context

Status in “ubuntu-release-upgrader” package in Ubuntu:
  New

Bug description:
  While upgrading from Ubuntu 13.04 to 13.10 the user is prompted to
  activate new cacert.org certificates (specifically
  "cacert.org/cacert.org_class3.crt and cacert.org/cacert.org_root.crt).
  The user is not given any context describing why the certificate
  update was requested or is necessary nor does it allow the user to
  inspect the certificates. The user is merely prompted to confirm
  certificates the user "trusts".

  I am not sure which version of Ubuntu this bug should be filed
  against. It's either 13.04 or 13.10. I could not find version
  information about the upgrader using apt-cache policy but I did check
  dpkg -l and found "ubuntu-release-upgrader-core" version 1:0.205.

  I expected to be able to learn the location of the certificates on the
  filesystem so I could verify their authenticity. Instead I just had to
  either accept or reject the certificates blindly.. I suspect the tool
  would normally be started by the user, manually, meaning the user
  would already know where the certificate is.

  ProblemType: Bug
  DistroRelease: Ubuntu 13.04
  Package: ubuntu-release-upgrader-core 1:0.192.13
  ProcVersionSignature: Ubuntu 3.8.0-31.46-generic 3.8.13.8
  Uname: Linux 3.8.0-31-generic x86_64
  ApportVersion: 2.9.2-0ubuntu8.3
  Architecture: amd64
  CrashDB: ubuntu
  Date: Sat Oct 19 05:54:54 2013
  MarkForUpload: True
  PackageArchitecture: all
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: ubuntu-release-upgrader
  Symptom: ubuntu-release-upgrader
  UpgradeStatus: Upgraded to raring on 2013-10-19 (0 days ago)
  VarLogDistupgradeTermlog:

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1242009/+subscriptions